Research On Malware Detection Method Based On Machine Learning

Posted on: 2020-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Zhao
GTID: 2428330596475090
Subject: Information security
Abstract/Summary:
As computers and the Internet become more and more important in people's daily lives, the endless stream of malware poses a serious and ever-changing threat to the security of computers and the Internet, making detection of malware the most worrying problem of the moment. At present, there has been a lot of research to detect smart malware by applying data mining and machine learning techniques. Although some of them have achieved good results, most of them are based on shallow learning architectures. However, with the growth of computing power and the rise of deep learning technology, especially its superior ability to learn features through multi-layer deep architectures, deep learning has begun to be applied to malware detection in industrial and academic research. This thesis is based on extracting Windows API calls, PE header fields and other features from the portable executable file, as well as the byte sequence of the PE file itself, focusing on how to design a deep learning architecture for smart malware detection. Experiments show that the heterogeneous deep learning network model proposed in this thesis has a significant improvement over the traditional shallow model in detecting malware. The main research content is divided into three parts:
1. Analyze the current threats of malware to people and summarize some research results and progress in this direction at home and abroad at this stage.
2. Based on some public websites, 2379 malicious sample data and 1790 normal sample data were collected, then the data was pre-processed, and the Windows API calls of the PE file, the PE header fields, and the n-ary sequence of the opcode were compared. The artificial feature is used as an additional input to the network model after cascading noise reduction from the encoder.
3. Design the network model structure. The first half of the model extracts the characteristics of the PE file itself using a gated convolutional neural network. The latter part combines the artificial features as additional input to the model. At the same time, the loss function of the model consists of two parts. The auxiliary loss function assessment is based solely on the PE file itself, and the main loss function assessment is based on the file itself and the prediction of additional features.
4. Conduct a comprehensive experimental study of the actual data sets we collected, comparing various machine learning/deep learning methods for detecting malware.
The experimental results show that, compared with the traditional machine learning method and the monotonous deep learning method, the multi-task deep learning framework proposed in this thesis can further improve the overall performance of malware detection.
Keywords/Search Tags: malware detection, deep learning, opcode, PE header, GLU